Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/50524

An Exploratory Study of Current Information Security Training and Awareness Practices in Organizations

File Size Format  
paper0637.pdf 538.86 kB Adobe PDF View/Open

Item Summary

dc.contributor.author Alshaikh, Moneer
dc.contributor.author Maynard, Sean B
dc.contributor.author Ahmad, Atif
dc.contributor.author Chang, Shanton
dc.date.accessioned 2017-12-28T02:12:29Z
dc.date.available 2017-12-28T02:12:29Z
dc.date.issued 2018-01-03
dc.identifier.isbn 978-0-9981331-1-9
dc.identifier.uri http://hdl.handle.net/10125/50524
dc.description.abstract Effective information security training and awareness (ISTA) is essential to protect organizational information resources. Our review of industry best-practice guidelines on ISTA exposed two key deficiencies. First, they are presented at a conceptual-level without any empirical evidence of their validity. Second, the guidelines are generic (one size fits all) without consideration of the diversity in organizational contexts where they will be applied. Given these deficiencies in ISTA guidance, this paper reports on the findings of an exploratory study into how ISTA is implemented in different organizational contexts in six organizations. The paper identifies three challenges: the lack of motivational aspects in current ISTA program, the competition for employees’ attention and the difficulty in measuring the effectiveness of ISTA program. Several recommendations and suggestions were outlined to overcome these challenges.
dc.format.extent 10 pages
dc.language.iso eng
dc.relation.ispartof Proceedings of the 51st Hawaii International Conference on System Sciences
dc.rights Attribution-NonCommercial-NoDerivatives 4.0 International
dc.rights.uri https://creativecommons.org/licenses/by-nc-nd/4.0/
dc.subject Practice-based IS Research
dc.subject information security training and awareness, information security management, security training and awareness activities
dc.title An Exploratory Study of Current Information Security Training and Awareness Practices in Organizations
dc.type Conference Paper
dc.type.dcmi Text
dc.identifier.doi 10.24251/HICSS.2018.635
Appears in Collections: Practice-based IS Research


Please email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons